Can you easily add all methods behind the ssl_required instead of having to add them one by one? Like ssl_required :all
You can define a protected method in your controller, which will make
every action in this controller and all its subclasses only available
through ssl:
def ssl_required? true end
izidor
Izidor Jerebic wrote:
You can define a protected method in your controller, which will make every action in this controller and all its subclasses only available through ssl:
def ssl_required? true end
izidor
Thanks
I'm concerned this may not be the best way to go.
in my /app/controllers/application.rb file i've added
def ssl_required? return false if ENV['RAILS_ENV'] == true end
So that I can still run my application on webrick without https in development mode.
But, when I want ssl_required to work on all my controllers and utilize the method below, my ssl_required? method in the application helper doesn't function as intended. the ssl_required in the individual controller takes precedence.
it is too bad one can't just add
ssl_required :all
Does anyone know how to solve both problems in the best way possible?
Thank you!
Pål Bergström wrote:
class SecureAreaController < ApplicationController
protected
def ssl_required? Rails.env.production? end
end
class CreditCardController < SecureAreaController
...
end
Ryan, If you are using or can use passenger to serve your production env, then an alternative that would make this a non-issue would be to use passenger to serve your development env as well. That way you'd be able to use ssl in dev env just as you would in prod env. Another benefit would be that you'd also be able to test your prod env setup (ie subdomain, virtual-host, passenger/web-server, etc) by having a similar setup for your dev env.
Jeff
I found this fork of ssl_required that solves this problem, but I haven't tried it yet:
http://github.com/bcurren/ssl_requirement
Ryan Wilson wrote: